Sony counts the cost of PlayStation hack

Stephen Pritchard

This week's news, that some 70 million-plus people worldwide are victims of a hacking attack against Sony's PlayStation Network is further evidence that the internet is a dangerous place.

Sony has, rightly, come under critisism for not acknowledging the hack sooner. But the fact that the servers were hacked does not mean Sony was negligent.

The consensus among security professionals is that this is proof - if further proof were needed - that complete security is impossible. As one expert, Neil Campbell, Dimension Data's global general manager for security, puts it the only sure fire way to secure a computer is to unplug it, and lock it in a vault.

That such a step is impractical illustrates the challenge faced by Sony and any other large business that seeks to interact with the public, or offer them services, online. The more successful your service, the more users it attracts. The more users you have, the more valuable a prize you are to hackers.

This means that large, successful brands should do whatever they can to protect their online properties. But even a company as large as Sony cannot act alone.

A better international framework for pursuing hackers and criminals that exploit stolen data would be one helpful step. More industry standards to protect data, such as PCI DSS for credit card details would also help businesses to ensure that they are following best practice.

Better systems design and, in particular, better systems for separating account data such as emails, passwords and payment data, would reduce the impact of any breaches.

One of the problems Sony now has to deal with, following the PlayStation Network breach, is the possibility that not just account information, but user profile and credit card details too were stolen.

The fact that servers holding data for the company's Qriocity entertainment service were compromised means it is not just online gamers who are affected.

At the time of writing, the PlayStation Network was still offline, and Sony will be left counting the cost, both in terms of lost revenues, and damage to its reputation.

But it is not hard-core gamers who will be most affected. For the large part, Sony's core PlayStation fans are IT literate people who, as their largely sympathetic blog posts suggest, understand the inherent problems of online security. It is the more casual users of online services who will be put off when they read, or hear, that a brand as large and technically proficient as Sony has become a victim of online crime.

That is why this is now an issue for governments, rather than industry alone, to address.

Stephen Pritchard is a contributing editor at IT PRO.

Comments? Questions? You can email him here